17 Discord malware packages found in NPM repository
Pip-audit leverages the PyPI JSON API to compare dependencies against the Python Packaging Advisory Database – a repository of security advisories that collects much of its data from the NVD CVE feed.
Microsoft’s Azure cloud services have become an attractive option for attackers to store content. Not just for malicious files as in the case of Emotet, but also for phishing sites and C2 servers.
Package managers are becoming a common target for cybercriminals to exploit. Researchers have discovered 11 malicious Python packages in the PyPI repository stealing Discord access tokens, passwords, and even carry...
These packages can be used for the collection and theft of user data, passwords, and Discord access tokens and the installation of remote access shells for remote access to infected systems.
In what’s yet another instance of a supply chain attack targeting open-source software repositories, two popular NPM packages with cumulative weekly downloads of nearly 22 million were found to be compromised with malicious code by...
Researchers at open-source software firm Sonatype have uncovered multiple malicious packages that disguise themselves as legitimate JavaScript libraries on npm registries to launch cryptominers on Windows, macOS and Linux machines.
Eight libraries contained malicious code and were removed by the officials. While two of the eight enabled an attacker to remotely run commands on the target’s device, the other six were stealers.
Once again, some malicious npm packages surfaced online to fool users. This time, the npm… Malicious npm Packages Steal Chrome Browser Passwords on Latest Hacking News.
VulnerableCode is a free and open database of FOSS software package vulnerabilities and the tools to create and keep the data current. It is made by the FOSS community to improve and secure the...
After the release of a proof-of-concept for a new dependency confusion vulnerability by a researcher, hundreds of bogus npm packages have popped up targeting Amazon, Zillow, Lyft, and Slack NodeJS apps.
Threat actors are targeting Amazon, Zillow, Lyft, and Slack NodeJS apps using a new ‘Dependency Confusion’ vulnerability to steal Linux/Unix password files and open reverse shells back to the attackers.
The CursedGrabber malware has infiltrated the open-source software code repository. Three malicious software packages have been published to npm, a code repository for JavaScript developers to share and reuse code blocks.
Actors are employing malicious RubyGems packages in a supply chain attack to steal cryptocurrency from potential victims. Attempts of this kind by cyber adversaries signal increasing threats from various software components.
The security team behind the npm repository removed two packages containing malicious code that installs njRAT on the computers of JavaScript and Node.js developers.
The names of the two packages were jdb.js and db-json.js, and both were created by the same author and described themselves as tools to help developers work with JSON files.